Sir:

REPLY BRIEF 

The following comments respond specifically to arguments made by the Examiner 
in the "Response to Argument" portion of the Examiner's Answer mailed November 21, 
2007, as the remaining portion of the Examiner's Answer appears to be a verbatim copy 
of the Final Rejection and is thus fully responded to in the previously filed Appeal Brief. 

The Examiner's responses to the arguments appear to be in order and directed to 
the Appeal Brief section A, subheadings 1-8. However, there appears to be no response 
to the remaining arguments made in Appellants' Appeal Brief, i.e., in sections B-H. The 
Examiner's failure to respond to the Appeal Brief sections B-H is taken as an admission 
that the Examiner has no response to those arguments. Appellants will address the 
alleged "Response to Argument" referencing argument A(1) to A(8) as follows.

1. Rebuttal to the Examiner's response to Brief section A(1)

On page 18, in the first paragraph under section 10, "Response to Argument," the
Examiner alleges that Appellants' Brief argument beginning on page 24 "is not persuasive
because Baker discloses that a plurality of users have been placed in different classes 
(Col. 4, lines 47-51) for the purpose of delegating access control to data (Col. 4, lines 51- 
56 & Col. 5, lines 6-12)." 

Baker does NOT disclose users placed in different classes: users may be in 
different classes but they are not placed in them by Baker because they are pre-existing. 
Baker does not place a parent in a parent class because the parent is already there. This 
distinction is important because Appellants' invention is directed inter alia to situations in 
which individual persons are allocated to (or placed in) classes or groups defined by the 
implementing computer system. For example, an individual may be allocated by the 
computer system to a customer group and thereafter obtain access to all data available to 
all other members of that group. 

Unlike Baker and the alleged parent, student etc. groups, the individual person is 
given no access whatsoever to data until he or she has been allocated by the computer 
system to a human user group defined by the computer system, not by parenthood etc. 
which is independent of the computer system. 

The Examiner also alleges that "[i]t is clear when Baker states . . . that human 
computer users are being discussed . . . ." Baker does NOT disclose human users
allocated to different classes: users may be in different classes but they are NOT
allocated to them by Baker and Baker does not disclose recognition of their class instead
of each human user's identity. This is yet another suggestion by the Examiner that Baker 
discloses something that it clearly does not. The whole point of Appellants' invention is 
that it replaces recognition of each individual person's identity with recognition of a 
group identity common to multiple group members. 

Baker could be modified to deal with users in different classes or groups, but, 
absent the hindsight afforded by knowledge of Appellants' invention, such modification 
must be based on what Baker actually discloses - computer terminal IDs or a unique 
password for each individual person. To adapt Baker for use with groups, a group might 
be given access to computer terminals enabled to have access to information appropriate 
to that group: e.g. teachers use terminals having access to all data, but students use 
terminals having access to limited types of data only - however this is not the claimed 
invention. 

Baker mentions a unique password for each individual group member and by 
combining Baker column 4 lines 36-46 with column 4 lines 47-49, it can be inferred that 
a class of users would be defined simply as a list of individual persons' identities/passwords,
because nothing else is disclosed by Baker: i.e. groups are defined by lists of
all of the different unique passwords of the group's members. This is quite different to
Appellants' invention, which uses the same identifier for all members of a group, not 
different identifiers for different members. 

2. Rebuttal to the Examiner's response to Brief section A(2)

In attempting to rebut this portion of the Appellants' Brief beginning on page 25,
the Examiner suggests on page 19, lines 3 and 4, that "Baker discloses authentication of 
actual users and/or user terminals (Col. 4, lines 48-49)." 

Baker does NOT disclose authentication of actual users and/or user terminals. 
Baker's col. 4, lines 48-49 discloses the possibility of modifying Baker to recognize 
classes of users and/or user terminals but does not teach how this could be accomplished. 

As has been noted above, Baker discloses computer terminal IDs and unique 
passwords for individual persons, so recognition can be inferred as consisting of checking 
a list of computer terminal IDs or unique passwords. A computer terminal ID or a unique 
password is not authenticated evidence, it is merely evidence that the ID or password has 
been obtained, perhaps by illicit means. Authenticated evidence is evidence which has 
gone through a process of authentication before it is submitted to a computer system such 
as Baker by a person requiring data access. 

3. Rebuttal to the Examiner's response to Brief section A(3) 

The Examiner alleges that the Appeal Brief argument sub-section (3) beginning on 
page 26, is not persuasive "because Baker discloses that the relational database would 
include a listing of directory and/or subdirectory identifiers that a particular user or user
group would be granted or denied access to (Col. 5, lines 10-12)." (First full paragraph 
on page 19 of the Examiner's Answer). 

Baker's statement at Col. 5, lines 10-12, "listing of directory and/or subdirectory
identifiers that a particular user or user group would be granted or denied access to," is not
a disclosure of dataset access categories. Instead, it is a disclosure of distinguishing items 
of data to which access is granted or denied on the basis of their location in a database. 

The above distinction is important because Appellants' invention is usable inter 
alia with data labeled with its dataset access category and to determine whether or not 
access is to be granted on the basis of that labeling. 

Unlike Baker, Appellants' invention does not distinguish between items of data to 
which access is granted or denied on the basis of such items' locations in a database. 
Indeed, it is an important advantage of Appellants' invention over Baker that it is not data 
location dependent, because databases (particularly Internet accessible databases) are 
normally organized and indexed on a subject matter basis. Such security cannot be relied 
on to have directories and/or subdirectories which are split into different sections 
accessible by different users or groups. 

4. Rebuttal to the Examiner's response to Brief section A(4) 

The Examiner's allegation in the paragraph bridging pages 19 and 20 of the 
Examiner's Answer appears to be an attempt to mislead and/or prejudice the Board's 
understanding of the claimed invention. The Examiner alleges that Appellants' Brief, in
subsection (4) beginning on page 27, has admitted that "Baker discloses use of a personal 
password unique to an individual (i.e., human user) for authentication." 

In fact, what Appellants' Appeal Brief said was that the Baker disclosure "merely
discloses use of a personal password unique to an individual . . . ." Appellants made no
admission with respect to the personal password providing "authenticated evidence of
membership" (emphasis added) which is also required by the independent claims.

Baker's disclosure of use of a personal password unique to an individual human 
user is completely irrelevant to the patentability of Appellants' invention, which not only 
does not use passwords but even declares the same to be prior art (see Appellants' 
specification at page 1 line 20 to page 2 line 2, where passwords are subsumed in the 
expression "identity indicators"). 

Indeed, it is a major advantage of Appellants' invention that such personal 
passwords unique to individuals are rendered unnecessary, because they are onerous 
when large numbers of individuals are involved (see Appellants' specification at page 1 
lines 28 to 30). 

The Examiner goes on to allege in the sentence bridging page 19 and 20 of the 
Examiner's Answer, that page 553 provides the requisite teaching of the claim limitation 
and that page 548 suggests the requisite motivation for combining teachings. This 
contention by the Examiner is respectfully traversed, as the Examiner did NOT provide 
the requisite citations in the Final Office Action mailed 31 January 2007 in the last
paragraph of page 4 to the first paragraph on page 5 which refers to Davis. Again, the
Examiner incorrectly suggests that the issue is authenticating an individual user, which
is quite wrong and confuses authentication of a system user's identity with
authentication of a user group's identity. Authenticating a system user's identity is
irrelevant because Appellants' claimed invention does not need to do this. As has been
previously noted, Appellants' invention avoids the need to identify an individual 
requiring access to data, and instead identifies and authenticates the group to which such 
an individual has been allocated by Appellants' invention. 

Furthermore, the Examiner's indicated citation in the Final Office Action pages 
4/5 is Davis, and Davis uses a certificate to authenticate a single human user, not a group: 
in this regard see Davis page 553, heading B. Access Server Model, where a (single 
human) user Jane Baker requires access in the second paragraph, and in the fourth 
paragraph the access server verifies (or authenticates) the individual user's identity (not 
that of a group) using the public key in the user's Certificate. 

5. Rebuttal to the Examiner's response to Brief section A(5)

The Examiner alleges that the Appeal Brief argument of subsection (5) beginning 
on page 28 is "not persuasive because the Examiner did provide a 'reason/motivation' for 
the proposed Baker/Davis combination in the Final Office Action." 

The cited portion of the Davis reference at page 548 under heading B fails to 
disclose Appellants' invention because Davis relates to verifying (or authenticating) an 
individual user's identity, not that of a group, and so Davis does not remedy Baker's 
deficiencies, i.e., failures to disclose: 

a) allocating users to groups, or 






1295026 



SIMPSON et al
Serial No. 10/088,541 

b) access to a dataset in response to a user group member providing 
authenticated evidence of membership of a user group with an appropriate dataset access 
category. 

Moreover, Baker does not rely on evidence of user group membership and 
therefore has no reason to authenticate a user group membership. Consequently, absent
the hindsight afforded by knowledge of Appellants' invention, there is no motivation in 
Baker to search for authentication of evidence of user group membership in Davis or any 
other reference. Moreover, Baker discloses identification by unique password, not public 
key/private key identification and thus would lead those of ordinary skill away from the 
claimed invention. Baker and Davis are therefore not properly combined.

6. Rebuttal to the Examiner's response to Brief section A(6) 

The Examiner alleges in the paragraph bridging pages 20 and 21 of the 
Examiner's Answer, that the Appeal Brief argument (in subsection (6) beginning on page 
29) is not persuasive "because the claims require 'providing authenticated evidence of 
membership of that user group' and Davis discloses (Page 553) a user request access to 
an object . . . ." This allegation by the Examiner is also simply incorrect. 

The Examiner appears to be taking an element from Appellants' claimed invention 
which is not disclosed in Davis and simply arguing that it is disclosed in Davis and 
therefore Davis supports the argument. This circular reasoning on the Examiner's part 
simply has nothing to do with the rejection of claims based upon obviousness. 

Specifically, the Examiner has simply taken the phrase "and the user group" (see
line 2, page 21 of the Examiner's Answer) from Appellants' invention and added it to 
Davis. As previously shown, Davis (page 553, heading B. Access Server Model) 
discloses a single human user, Jane Baker, requiring access in the second paragraph, and 
in the fourth paragraph the access server verifies or authenticates the individual user's 
identity using the public key in the user's Certificate. Davis has no disclosure of giving 
dataset access in response to "authenticated evidence" of group membership in a "user 
group." The Examiner has simply invented all teachings in which Davis discloses a "user
group."

7. Rebuttal to the Examiner's response to Brief section A(7) 

The Examiner alleges this portion of the Appeal Brief (subsection (7) also 
beginning on page 29) is not persuasive because "Davis discloses that the verification 
data in the signed request is directly linked to the 'userClass' which identifies the user 
groups allowed access to the restricted object (Page 553, Section B)." 

Here, the Examiner selectively omits reference to those parts of Davis which 
contradict his argument, and then misinterprets the rest of Davis. Davis states (page 553, 
heading B. Access Server Model, fourth paragraph) that "[t]he access server retrieves the 
public key from the user's Certificate which it received from the LDAP response and 
uses it to verify the identity of the user sending the request. If the user is verified . . . ." 
Thus it is abundantly clear that Davis verifies or authenticates the individual user's 
identity, not a user group membership. 

Turning now to the Examiner's suggestion that Davis discloses verification data in
the signed request being directly linked to the "userClass" (Examiner's Answer page 21,
lines 5-8) which purportedly identifies the user groups allowed access to the restricted 
object, this is misleading. 

The "userClass" has nothing whatsoever to do with verification of identity in 
Davis. Davis (page 553, heading B. Access Server Model, fourth paragraph, second 
sentence) states "If the user is verified, the access server compares the returned userClass 
string to the groups allowed access to the requested object." This extract makes it entirely
clear that the identity verification or authentication step is carried out before and 
independently of use of the userClass string, which appears merely to indicate the 
equivalent of a dataset access category which Appellants do not claim to be novel. Also, 
were the userClass to be used to identify a user group membership, Davis' verification or 
authentication of an individual user's identity would be entirely unnecessary. 

8. Rebuttal to the Examiner's response to Brief section A(8) 

As previously stated herein and as indicated in the Appeal Brief, the Baker/Davis 
combination fails to anticipate Appellants' invention because Davis relates to verifying 
(or authenticating) an individual user's identity, not that of a group, and so Davis cannot 
remedy Baker's deficiencies of failure to disclose: 

a) allocating users to groups, or 

b) access to a dataset in response to a user group member providing
authenticated evidence of membership of a user group with an appropriate dataset access 
category. 

Furthermore, Hsiao does not remedy these deficiencies either. Hsiao does not 
disclose allocating users to groups or authenticated evidence of membership of a user 
group. The only extract from Hsiao of the remotest relevance is col. 5 lines 39-42 
relating to meta data. Hsiao does not even disclose meta tags. Consequently, since the 
Baker/Davis combination fails to anticipate Appellants' invention, the Baker/Davis/Hsiao 
combination also fails to anticipate Appellants' invention. 

There is no motivation to combine Hsiao with Baker and Davis. Baker is 
predicated on a fundamental assumption that control of access to data will be adequate if 
access to databases or directories or subdirectories is restricted: i.e. Baker either does or 
does not give access to databases or directories or subdirectories according to their 
location. There is no disclosure of individual items within a directory being labeled to 
indicate access restriction and access being granted or denied based on the individual 
item's label. Consequently there is no motivation in Baker to search for a data item 
labeling technique, and indeed Hsiao does not disclose labels in the form of meta tags. 
Appellants would observe that motivation for combining Baker with any other reference 
must flow from Baker as the primary reference, not from anything in Hsiao. 

The Examiner alleges on page 21, lines 10-11, that "Appellant has failed to point 
out how Hsiao fails to meet the claim limitations." This is incorrect and the Examiner's 
attention is directed to the Appeal Brief under section B on page 31, second paragraph, in 
which it is noted that "at no point in the Final Rejection does the Examiner contend that
the Hsiao reference supplies any feature, logic or method step which, as discussed above,
is missing from the Baker and Davis references." As a result, the Brief correctly
concludes that Hsiao, even if combined with Baker and Davis, could not disclose the
subject matter claimed. 

The Examiner now attempts to argue that "it is well known and practiced in the art 
to associate meta data with tags on documents to be stored in a database system" and that 
this somehow discloses what is missing from the cited references. 

Inasmuch as this is the first instance where the Examiner suggests that the feature 
missing in the Baker/Davis/Hsiao combination is somehow well known, Appellants cite 
the Manual of Patent Examining Procedure (MPEP) Section 2144.03 and respectfully 
traverse the Examiner's assertion that the same is well known and practiced in the art.
As required by the MPEP, the Examiner must cite a reference in support of his or her
position. Because this is the first argument that the missing feature is "well known and
practiced in the art," Appellants are entitled to traverse the allegation of "well known." 

In view of the above, the Examiner's limited response to the bases of rejection set 
out in the Appellants' Brief is simply a defective Examiner's Answer. Consequently, in 
view of the Appellants' contention that each of the Examiner's rebuttals to the eight
subsections in section A of the Brief is without support in the cited references and the
Examiner's apparent admission that sections B-H of the Brief are correct, it is submitted 
that there is simply no supportable basis for rejecting claims 1-45 under 35 USC §103. 




Thus, and in view of the above, the rejections of claims 1-45 are clearly in error 
and reversal thereof by this Honorable Board is respectfully requested. 



Respectfully submitted, 